Auth: Add support for OIDC RP-Initiated Logout (#70357)

* Fix signout redirect_uri issue * Fix signout redirect_uri issue * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * remove signout url global * style alignment * remove legacy handlers for devenv * Update pkg/api/login.go --------- Co-authored-by: Rao B V Chalapathi <b_v_chalapathi.rao@nokia.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: jguer <me@jguer.space>
2025-02-25 18:55:37 -06:00 · 2023-08-29 15:04:11 +05:30
parent e8aa74aba2
commit 7c98678188
7 changed files with 66 additions and 10 deletions
--- a/devenv/docker/blocks/auth/jwt_proxy/docker-compose.yaml
+++ b/devenv/docker/blocks/auth/jwt_proxy/docker-compose.yaml
@@ -12,7 +12,7 @@
  oauthkeycloak:
    image: quay.io/keycloak/keycloak:21.1
    container_name: oauthkeycloak
-    command: --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true start-dev
+    command: start-dev
    environment:
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://oauthkeycloakdb/keycloak
--- a/devenv/docker/blocks/auth/oauth/docker-compose.yaml
+++ b/devenv/docker/blocks/auth/oauth/docker-compose.yaml
@@ -12,7 +12,7 @@
  oauthkeycloak:
    image: quay.io/keycloak/keycloak:22.0
    container_name: oauthkeycloak
-    command: --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true start-dev
+    command: start-dev
    environment:
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://oauthkeycloakdb/keycloak
--- a/devenv/docker/blocks/auth/oauth/readme.md
+++ b/devenv/docker/blocks/auth/oauth/readme.md
@@ -11,7 +11,7 @@ Here is the conf you need to add to your configuration file (conf/custom.ini):

 ```ini
 [auth]
-signout_redirect_url = http://localhost:8087/realms/grafana/protocol/openid-connect/logout?redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Flogin
+signout_redirect_url = http://localhost:8087/realms/grafana/protocol/openid-connect/logout?post_logout_redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Flogin

 [auth.generic_oauth]
 enabled = true